On Mon, 28 May 2007, Unweitze Enweister wrote:
Cryptsetup-luks is easier to implement and maintain, but it does reveal
the algorithm to the adversary at the outset to anyone who examines the
disk with a luks dump command.
With dm-crypt properly set up, that should NOT be a problem, remember:
"[...] if I take a letter and lock it in a safe, and then
give you the safe along with the design specifications of the safe and
a hundred identical safes with their combinations so that you and the
world's best safecrackers can study the locking mechanism--and you
still can't open the safe and read the letter, that's security."
- Bruce Schneier
C.
--
BOFH excuse #197:
I'm sorry a pentium won't do, you need an SGI to connect with us.
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
